Product Review: GFiLANguard NSS 8

| June 28, 2007

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:Wilson}

gfi.gifBy Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

I recently was asked to test drive GFiLANguard Network Security Scanner (N.S.S.) 8.0 and write my findings. GFi describes LANguard as having the ability to "check your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more." Having known about this product for quite some time but never getting my hands on it, I was excited as I had the perfect idea for testing its described capabilities.

I immediately contacted the Director of a local non-profit organization, and asked if they would be willing to be my test bed for this network security auditing tool. After explaining my intentions, they were very happy to open their doors and be a gracious host. And, considering that GFi was kind enough to extend the temporary licenses to a full year for every copy of the software for the non-profit, they were thrilled to be selected as our site of choice.

To give you a brief background on the non-profit, they are a home for disadvantaged youth and orphans while also providing family services to children. They have a main location with 200 workstations, 8 servers with varying duties, and 5 remote offices connected to the main location via Layer 2 VPNs. Due to being a non-profit where funding is very limited, their team consists of only two Network Administrators. Since I have assisted them in the past with lots of volunteered time and services, I was very aware of the network design and need for help. This network was pieced together over time with whatever was on hand or donated, so there are many different versions of Windows and other OSs on the network. Also, the remote offices are hundred of miles from the main campus, so patch and update management is done when time permits. The two current Network Administrators are self-taught and mainly care about the mission of their organization and not the little money they get paid. Now that I have painted a picture of this network and how it is maintained, I will roll into how the LANguard software was tested and received by the local staff on their network.


First of all, I decided to copy the install file for LANguard on one of their older file servers. Without software distributions systems in place, placing LANguard on a central host provided easy access for all of the workstations and, because of the good network connectivity, made for an efficient way for all machines to get up to speed.

1.jpg 

2.jpg

The install was very easy and has an attendant service for scheduled scans and patch management that accepts domain admin account credentials. This will definitely come in handy down the road as an Active Directory rollout is currently in progress. It also has the ability to generate reports and store the results in many formats (MS Access/SQL) and SMTP for email notifications. Once you have everything loaded the software updates itself to keep your scanner current. There is not much left out of this high-end security management software package. I was very impressed and the clients were excited to see all of its functionality. At this point I will also add that GFi has very good documentation freely available on their site to assist you with installation and implementation. They also have paid, full support if further help is required.

3.jpg

Once we had the settings ready for the basic scan based on OVAL and the SANS Top 20 vulnerability database, we were set to see this tool work.

4.jpg

The scans went well and were fairly quick despite the warning on the screen shot above. It was nice to see that the older Windows systems were found and scanned, but one thing to note is that the Patch Management tool only works on Windows 2000/XP/2003/Vista/Exchange 2000 & 2003/ MS SQL Server 2000 – 2003.

5.jpg

With the first scan done, there was a big wake up call on what needed to be done on the network and where they stood on getting their environment under control. The GUI was very easy to understand.  The fact that the vulnerabilities listed had links and information on the bug-trap and fixes helped to further understand the true threats to the network. With the scan results saved, we now have a baseline from which to work and a way to gauge our progress on securing the network.

One thing that can be said for this product is that there are a lot of "bells & whistles" that make it even more useful than a standard scanning product. With too many features to cover in-depth, we did find that several other functions came in handy enough to mention such as the ability to filter the data to audit or collect only the information you desire. It was a big time-saver to have over 18 preset filters. You can filter by Vulnerabilities [high, medium, & low security], Missing Patches, Open [ports & shares], Auditing/Password policies, and many more. We also found the installed applications scan to be very useful to locate unauthorized software and warez on the client computers. This is a must scan for liability issues and, with the dangers that warez software can present, it is important to know what is installed and where.

Last but certainly not least, I found the patch management functions to be very well done. These features are easier to use then some of the Microsoft tools and applications that I have used in the past to not only maintain but also to push patches to the client machines. Pushing becomes crucial as users and remote devices don't always play by the rules. This alone made the software worth the price of admission, but that's something you have to decide for your own organization. Good thing GFi helps in this regard as well by providing a free evaluation copy of LANGuard for you to try before you buy. Simply visit their site, http://www.gfi.com/, and you're off and running.

Information is power especially when overhauling a network infrastructure. When the current administrators for our non-profit test site were hired, they inherited one big workgroup with tons of shares. As much as we'd hate to admit it, they're certainly not the only ones facing such an issue. With the help of LANguard they are starting to see how best to focus their precious few resources. This enables them to balance the workload from a network management perspective, properly plot a course for what needs to be done right now as well as maintain their security stature moving into the future. Not bad for a single product.

Having used many different commercial security scanning tools in the past, I was pleasantly surprised with GFiLANguard Network Security Scanner (N.S.S.) 8. Cost may be an issue for some, but, because of its overall usefulness and ease of use, I give it an 8 out of 10 and an Ethical Hacker Network Recommendation.


Brian Wilson (bwilson@ethicalhacker.net) has over 12 years experience in IT starting with a tour in the United States Army. He has worked in and out of the US Government in many different organizations and technical roles including a stint as a Cisco Certified Instructor. Currently he works for one of the largest US broadband providers (ISP) as a Senior Data/Voice Engineer supporting over 3 million High Speed Internet/ VoIP subscribers. He has attained a number of industry credentials covering many aspects of IT including CCNA, CCSE, CCAI, MCP, JNCIA, Network+, Security+, and many DoD Certifications. He also uses his knowledge of IT to benefit a number of charitable organizations. Clearly Brian's knowledge and interests are wide, and his affinity for philanthropy will be the overiding theme of his vast set of articles and videos. 

Category: Wilson

Comments are closed.